With 17 patches, Oracle Database products top the fix list for security concerns, two of which are remotely exploitable without user authentication.

Oracle E-Business Suite received 14 patches, six of which are remotely exploitable. Collaboration Suite received five security fixes, with four remotely exploitable. Oracle Application Server needed four patches, three of which are remotely
exploitable without user authentication. Oracle Application Express totaled one patch.

https://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=i
Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne needed seven total
fixes, only one of which is remotely exploitable without authorization.

The July Critical Patch Update (CPU) is the 11th such update since Oracle began the patch cycle initiative in 2004.

The patch cycle notifications continue to get more detailed. For example, in October 2006, Oracle began to detail which flaws were remotely exploitable without authentication. In this update, Oracle in adding the napply CPU (pronounced "en apply").

In a blog post Eric Maurice, manager for security in Oracle's global technology business unit, explained that the napply CPU is an enhanced CPU format for Oracle Database Server for Unix and Linux platforms version
10.2.0.3 and onward (including 10.2.0.4 and 11g).

"In a napply CPU, the security fixes are now grouped in what are called molecules," Maurice wrote on the Oracle Global Product Security blog.

"Each molecule in the CPU is independent, and does not conflict with other molecules in the CPU. Conflicts between molecules occur when fixes included respectively in each molecule affect the same file or group of files. The napply CPU is for the benefit of customers who encounter merge conflicts when installing CPU patches."

Though Maurice noted that most Oracle customers never encounter such
conflicts, the new CPU format should simplify patch conflict resolution
procedures.

The July total for vulnerabilities is above the 36 flaws that Oracle fixed in its last CPU, which came out in
April.

Loading Comments...

Advertiser Disclosure: Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.